[BUG] Claude 2.1.71 Security False Positives

Resolved 💬 7 comments Opened Mar 8, 2026 by mcmch815 Closed Apr 6, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

The changelog for 2.1.71 said it "Fixed false-positive permission prompts for compound bash commands containing heredoc commit messages", however I am always getting these warnings for bash commands. This is a new bug for 2.1.71 as similar issues were for earlier versions and supposedly fixed in 2.1.71.

The warnings I am getting are " Command contains consecutive quote characters at word start
(potential obfuscation) " for bash commands.

What Should Happen?

I'm not sure. These warnings never appeared for me before the 'fix'. If Claude is the one constructing the commands, it should know it is safe to run, regardless of quotes.

Error Messages/Logs

Command contains consecutive quote characters at word start (potential obfuscation)  

Example:

cat > /tmp/check_amzn5.py << 'EOF'                        
   import sys                                                
   sys.path.insert(0, '/home/chris/miniconda3/envs/tf/sec_   
   structured_project')                                      
   from taxonomy_loader import load_taxonomy                 
   import sqlite3                                            
                                                             
   calc_map, _, _, _, _ = load_taxonomy()                    
                                                             
   def get_descendants(root, calc_map, visited=None):        
       if visited is None: visited = set()                   
       for child, _ in calc_map.get(root, []):               
           if child not in visited:                          
               visited.add(child)                            
               get_descendants(child, calc_map, visited)     
       return visited                                        
                                                             
   cor_desc = get_descendants('CostOfRevenue', calc_map)     
                                                             
   con = sqlite3.connect('/home/chris/miniconda3/envs/tf/s   
   ec_structured_project/sec_viewer.db')                     
   # Check the MOST RECENT 10-K for Amazon (2024)            
   adsh = '0001018724-25-000004'                             
   # Get ALL qtrs=4 tags filed for this adsh                 
   rows = con.execute("""                                    
       SELECT n.tag, n.value/1e9 as val_B, n.ddate           
       FROM num n                                            
       WHERE n.adsh=? AND n.qtrs=4 AND n.uom='USD'           
         AND n.segments IS NULL AND n.coreg IS NULL          
       ORDER BY abs(n.value) DESC LIMIT 50                   
   """, (adsh,)).fetchall()                                  
                                                             
   print("Top 50 IS tags for Amazon 2024 10-K:")             
   for t, v, d in rows:                                      
       in_cor = t in cor_desc or t == 'CostOfRevenue'        
       print(f"  {'[COR]' if in_cor else '     '} {t}:       
   ${v:.3f}B  ({d})")                                        
   EOF                                                       
   conda run -n tf python /tmp/check_amzn5.py                
   List all IS tags for Amazon 2024 10-K                     
                                                             
 Command contains consecutive quote characters at word start 
  (potential obfuscation)                                    
                                                             
 Do you want to proceed?                                     
 ❯ 1. Yes                                                    
   2. No

Steps to Reproduce

  1. Open claude code in Visual Code, WSL2 in conda enironment.
  2. Ask it to plan or do something
  3. Bash commands ultimately used, and nearly always produce a warning " Command contains consecutive quote characters at word start

(potential obfuscation) " and "Do you want to proceed"?

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.1.63

Claude Code Version

2.1.71

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

WSL (Windows Subsystem for Linux)

Additional Information

<img width="437" height="752" alt="Image" src="https://github.com/user-attachments/assets/c81f7e61-039f-41e0-95db-c4c8290235b8" />

<img width="623" height="207" alt="Image" src="https://github.com/user-attachments/assets/153a09d2-168e-49d5-8c90-2516587d7d17" />

View original on GitHub ↗

This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗